Local System Access to Network Share

[Travis Ausen]

I'm using an application that can run as local system
account. It will also use logged in user credentials to
access network resources. However I'm noticing that even
when logged off the application is still able to access
network resources if any of the following groups have
read privileges to the resources. The groups I've tried
and tested would be Everyone, Network, or Authenticated
Users.

I'm not creating Null Session Shares by editing the
registry to allow Null Shares on the particular
resource. However, recently I've been to a seminar
regarding Windows Server 2003. Part of the conversation,
I missed part of it, talked about restrictanonymous is
this effecting my logged off PC?

I don't want the application I'm using accessing the
network resource without supplied credentials. I could
change the user rights and remove either Everyone,
Network, or Authenticated Users. But, I'd like to
understand how or why this application is getting access
to this network resource via those groups.

 

[Ricardo M. Urbano - W2K/NT4 MVP]

Travis, this is quite disturbing. I was part of a discussion in this NG
some months back where I learned that the local SYSTEM account can
access remote network resources if the Everyone group on that remote
machine had been granted access to that network resource.

I was shocked to learn this, but I didn't pay it too much mind since I
always remove all rights for Everyone and replace them w/ Authenticated
Users, but now you're saying even that allows access.

I don't have an answer for you, but I did know part of the story. I'd
be interested in anything you might find out.

BTW, what OS is hosting the remote network resources??